From 6b4f7564f4e4f5eb04a478d3606d279649f5288e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mariusz=20=C4=86wik=C5=82a?= Date: Thu, 26 Nov 2020 09:06:17 +0100 Subject: [PATCH] Fix SSLContext#ciphers= --- .../org/jruby/ext/openssl/CipherStrings.java | 8 ++++- .../org/jruby/ext/openssl/SSLContext.java | 6 +++- src/test/ruby/ssl/test_context.rb | 33 +++++++++++++++++++ 3 files changed, 45 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/jruby/ext/openssl/CipherStrings.java b/src/main/java/org/jruby/ext/openssl/CipherStrings.java index c626fd9b..7489d20c 100644 --- a/src/main/java/org/jruby/ext/openssl/CipherStrings.java +++ b/src/main/java/org/jruby/ext/openssl/CipherStrings.java @@ -560,10 +560,16 @@ static Collection matchingCiphers(final String cipherString, final String[] private static Collection matchingExact(final String name, final String[] all, final boolean setSuite) { - final Def pattern = Definitions.get(name); + Def pattern = Definitions.get(name); if ( pattern != null ) { return matchingPattern(pattern, all, true, setSuite); } + else { + Def cipher = CipherNames.get(name); + if (cipher != null) { + return Collections.singleton(cipher); + } + } return null; // Collections.emptyList(); } diff --git a/src/main/java/org/jruby/ext/openssl/SSLContext.java b/src/main/java/org/jruby/ext/openssl/SSLContext.java index cb02f440..7d1ac22c 100644 --- a/src/main/java/org/jruby/ext/openssl/SSLContext.java +++ b/src/main/java/org/jruby/ext/openssl/SSLContext.java @@ -518,7 +518,11 @@ else if ( ciphers instanceof RubyArray ) { StringBuilder cipherStr = new StringBuilder(); String sep = ""; for ( int i = 0; i < ciphs.size(); i++ ) { - cipherStr.append(sep).append( ciphs.eltInternal(i).toString() ); + IRubyObject elem = ciphs.eltInternal(i); + if (elem instanceof RubyArray) { + elem = ((RubyArray) elem).eltInternal(0); + } + cipherStr.append(sep).append( elem.toString() ); sep = ":"; } this.ciphers = cipherStr.toString(); diff --git a/src/test/ruby/ssl/test_context.rb b/src/test/ruby/ssl/test_context.rb index a441c622..0ea96212 100644 --- a/src/test/ruby/ssl/test_context.rb +++ b/src/test/ruby/ssl/test_context.rb @@ -184,4 +184,37 @@ def test_context_ciphers assert_equal [], diff end unless java7? # would need to filter out stuff such as ECDHE-RSA-AES128-GCM-SHA256 + def test_set_ciphers_by_group_name + context = OpenSSL::SSL::SSLContext.new + context.ciphers = "AES" + + actual = context.ciphers.map { |cipher| cipher[0]} + assert actual.include?("ECDHE-RSA-AES128-SHA") + assert actual.include?("ECDHE-ECDSA-AES128-SHA") + assert actual.include?("AES128-SHA") + end + + def test_set_ciphers_by_cipher_name + context = OpenSSL::SSL::SSLContext.new + context.ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384" + actual = context.ciphers.map { |cipher| cipher[0]} + assert actual.include?("ECDHE-ECDSA-AES128-GCM-SHA256") + assert actual.include?("ECDHE-ECDSA-AES256-GCM-SHA384") + end + + def test_set_ciphers_by_array_of_names + context = OpenSSL::SSL::SSLContext.new + context.ciphers = ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384"] + actual = context.ciphers.map { |cipher| cipher[0]} + assert actual.include?("ECDHE-ECDSA-AES128-GCM-SHA256") + assert actual.include?("ECDHE-ECDSA-AES256-GCM-SHA384") + end + + def test_set_ciphers_by_array_of_name_version_bits + context = OpenSSL::SSL::SSLContext.new + context.ciphers = [["ECDHE-ECDSA-AES128-GCM-SHA256", "TLSv1.2", 128, 128]] + actual = context.ciphers.map { |cipher| cipher[0]} + assert actual.include?("ECDHE-ECDSA-AES128-GCM-SHA256") + end + end